[Lxc-users] Confusing behaviour using LXC container with systemd

Serge Hallyn serge.hallyn at ubuntu.com
Wed Mar 13 18:42:14 UTC 2013


Quoting John (lxc at jelmail.com):
> On 12/03/13 23:21, Serge Hallyn wrote:
> >Quoting John (lxc at jelmail.com):
> >>On 12/03/13 22:25, Serge Hallyn wrote:
> >>>Quoting John (lxc at jelmail.com):
> >...
> >>[root at boron ~]# mount
> >>none on /dev type tmpfs (rw,relatime,size=100k)
> >>devpts on /dev/console type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
> >>devpts on /dev/tty1 type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
> >>proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
> >>sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
> >>tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
> >>devpts on /dev/pts type devpts
> >>(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
> >Note there is no 'newinstance' on the devpts mount here.  I suspect
> >that's the problem.  Note that lxc starts up and gives you a
> >newinstance devpts mount, so this one was done by systemd.
> >
> >Next step (unless I'm misreading) is to look through systemd code
> >to see what you can do to make it not mount that.
> >
> >-serge
> >
> I have made one step forward... I read here
> (http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface)
> that "the udev unit files will check for CAP_SYS_MKNOD, and skip
> udev if that is not available". So I added "lxc.cap.drop = mknod" to
> the container configuration and this has stopped devices getting
> messed up (well, at least it allows the dvb tuner I mentioned
> earlier to work). I still have the problem with character output on
> the terminal - I've asked the systemd people and they've said that
> it is lxc that mounts devpts and, to get that done properly (with
> newinstance), needs a configuration change in the container
> configuration.
> 
> I have gone back and checked my old init-based container and its
> mounts were without newinstance as well so I guess I am missing
> something in my configuration to make it mount that way?

You shouldn't need to specify a devpts mount in your container at all, lxc
does it for you regardless.

-serge
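
Added example, not part of the original message or of LXC itself: a shell check for the two configuration points raised in this thread, namely that a container config should carry no devpts lxc.mount.entry of its own and that mknod appears in lxc.cap.drop for a systemd container. The function names check_lxc_config and demo and the sample config are constructed for illustration.

```shell
#!/bin/sh
# check_lxc_config FILE
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
check_lxc_config() {
    awk '
    # Skip comments and blank lines.
    /^[ \t]*(#|$)/ { next }
    {
        # Split "key = value" at the first "=" and trim both sides.
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "lxc.cap.drop" {
        # The key may repeat and may list several capabilities per line.
        n = split(val, caps, /[ \t]+/)
        for (i = 1; i <= n; i++) if (caps[i] == "mknod") mknod = 1
    }
    key == "lxc.mount.entry" {
        # fstab-style value: <source> <target> <fstype> <options> ...
        split(val, f, /[ \t]+/)
        if (f[3] == "devpts") {
            print "line " NR ": explicit devpts mount: " val
            bad = 1
        }
    }
    END {
        if (!mknod) { print "mknod not in lxc.cap.drop"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample config (not from the thread) that triggers both findings.
demo() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
# constructed sample
lxc.utsname = boron
lxc.cap.drop = sys_module mac_admin
lxc.mount.entry = devpts dev/pts devpts gid=5,mode=620 0 0
EOF
    check_lxc_config "$cfg"; rc=$?
    rm -f "$cfg"
    return $rc
}
```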



